## SQUID CONFIGURATION## Listen on Port http_port 3128# Visible Hostna

1. #
2. # SQUID CONFIGURATION
3. #
4. # Listen on Port
5. http_port 3128
6. # Visible Hostname in Error Messages
7. visible_hostname proxy
8. # Hide Source IP Address
9. forwarded_for off
10. # Error Messages in German
11. error_directory /usr/share/squid3/errors/French/
12. # Cache Manager E-Mail address
13. cache_mgr [email protected]
14.  
15. #
16. # Caching Options
17. #
18. # Minimum Object Size: 0!
19. minimum_object_size 0 KB
20. # The bigger the objects will be, slower will be the answers: 10MB
21. maximum_object_size 10 MB
22. # Lowest limit for Cache (in %)
23. cache_swap_low 90
24. # Highest Limit for Cache (in %)
25. cache_swap_high 98
26. # Max Cache capacity in Memory (RAM)
27. cache_mem 1 GB
28. # The highest size of Objects retains in RAM
29. maximum_object_size_in_memory 1 MB
30.  
31. #
32. # Connections Options
33. #
34. # Eject clients with unclean closed connections
35. half_closed_clients off
36. # Reject Persistent Server Connections
37. server_persistent_connections off
38. # Accept Persistent Client Connections
39. client_persistent_connections on
40. client_lifetime 1 day
41. # Connecting Timeouts for Connections
42. connect_timeout 50 seconds
43. request_timeout 50 seconds
44. persistent_request_timeout 50 seconds
45. read_timeout 2 minutes
46. # Aborting Downloads
47. quick_abort_min 20 KB
48. quick_abort_max 20 KB
49. # In Percentage
50. quick_abort_pct 90
51.  
52. #
53. # DNS Options
54. #
55. # Upper limit on how long Squid will cache positive DNS responses.
56. positive_dns_ttl 6 hours
57. # Default Time-to-Live (TTL) for failed requests.
58. negative_dns_ttl 2 minutes
59.  
60. #
61. # Refresh Patterns
62. #
63. # Add any of your own refresh_pattern entries above these.
64. refresh_pattern ^ftp: 1440 20% 10080
65. refresh_pattern ^gopher: 1440 0% 1440
66. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
67. refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
68. refresh_pattern . 0 20% 4320
69.  
70. #
71. # LDAP & Kerberos (Active Directory) Authentication
72. #
73.  
74. ### negotiate kerberos and ntlm authentication
75. auth_param negotiate program /usr/local/bin/negotiate_wrapper -d --ntlm /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --domain=LELOUP --kerberos /usr/local/bin/squid_kerb_auth -d -s GSS_C_NO_NAME
76. auth_param negotiate children 10
77. auth_param negotiate keep_alive off
78.  
79. ### pure ntlm authentication
80. auth_param ntlm program /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --domain=LELOUP
81. auth_param ntlm children 10
82. auth_param ntlm keep_alive off
83.  
84. ### provide basic authentication via ldap for clients not authenticated via kerberos/ntlm
85. auth_param basic program /usr/lib/squid3/basic_ldap_auth -R -b "dc=leloup,dc=local" -D [email protected] -W /etc/squid3/ldappass.txt -f sAMAccountName=%s -h ad.leloup.local
86. auth_param basic children 10
87. auth_param basic realm Internet Proxy
88. auth_param basic credentialsttl 1 minute
89.  
90. #
91. # ACL Definitions
92. #
93. acl auth proxy_auth REQUIRED
94. acl SSL_ports port 443
95. acl Safe_ports port 80 # http
96. acl Safe_ports port 21 # ftp
97. acl Safe_ports port 443 # https
98. acl Safe_ports port 70 # gopher
99. acl Safe_ports port 210 # wais
100. acl Safe_ports port 1025-65535 # unregistered ports
101. acl Safe_ports port 280 # http-mgmt
102. acl Safe_ports port 488 # gss-http
103. acl Safe_ports port 591 # filemaker
104. acl Safe_ports port 777 # multiling http
105. acl CONNECT method CONNECT
106.  
107.  
108.  
109. #
110. # http_access Rules
111. #
112. ### enforce authentication
113. http_access deny !Safe_ports
114. http_access deny CONNECT !SSL_ports
115.  
116. http_access deny !auth
117. http_access allow auth
118. http_access allow localhost